The Dangers Lurking Behind Short URLs

More and more businesses are leveraging the power of social networking sites, blogs, Twitter, and other Web 2.0 technologies to connect with their customers and partners. However, if left unprotected, they could be susceptible to a mounting tide of Web-based threats.

Take Twitter, for instance. Users "follow" their friends, business associates, customers, their favorite news outlets, and others. Because Twitter limits tweets to just 140 characters, many people use a URL shortening service such as or tinyURL when they want to share a link with others. The shortened versions mask the destination of the original URL, and cyber criminals have begun relying on shortened URLs as a way to trick unsuspecting users into clicking on malicious links.

So, who can you trust: Your friends? Your favorite news source? Sadly, you can’t trust your online network of friends and followers. Recently, hackers exploited flaws in Cligs’ URL editing software, allowing them to hijack 2.2 million Cligs links. Users are accustomed to trusting links that they receive from their online network of friends and often click on those links without hesitation. Spammers, phishers, and other cyber criminals exploit that trust to spread links to Web sites with malicious code or data-stealing spyware, or to trick users into downloading Trojan horses.

What can you do? If you’re using the social Web, here are three important tips to help you prevent security threats spread by masked URLs:

1. If you are using a browser with plugins, download a link previewer. A link previewer will let you either see the true target of a link or will show you a floating preview of the Web page.

2. If you are a blogger and don’t want your readers to be in danger, download software that blocks comment spam so that your readers won’t accidentally click on malicious links posted on your comment board. One example of free software that does this is Defensio.

3. Always protect your Internet access with a Web security solution that prevents Web 2.0 threats by scanning Web content in real-time and blocking access to the portion of a Web page or Web site that contains a harmful link.

David Meizlik, Director, Web and Data Security, Websense, San Diego
